Security - ycTIN

Generate a Certificate Signing Request(CSR) with OpenSSL / Linux

October 3, 2020October 3, 2020 Timmy Tin Leave a comment

Commands:

openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048

1	openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048

openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr

1	openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr

References:

https://support.rackspace.com/how-to/generate-a-csr-with-openssl/

Unable to start firewalld, Active: failed (Result: timeout)

October 3, 2020October 3, 2020 Timmy Tin Leave a comment

Problem:

Try to start firewalld service via the following command

systemctl start firewalld

1	systemctl start firewalld

but get the following error after few seconds no response:

firewalld.service: Start operation timed out. Terminating. 
firewalld.service: Failed with result 'timeout'. 
systemd: Failed to start firewalld - dynamic firewall daemon.

firewalld.service: Start operation timed out. Terminating.

firewalld.service: Failed with result 'timeout'.

systemd: Failed to start firewalld - dynamic firewall daemon.

Solution:

Execute the following command to restart firewalld service

systemctl stop firewalld;pkill -f firewalld;systemctl start firewalld

1	systemctl stop firewalld;pkill -f firewalld;systemctl start firewalld

How to encrypt and decrypt .cpt file

September 2, 2017September 2, 2017 Timmy Tin Leave a comment

What is .cpt extension?

.cpt is a encrypted file format, you can use ccrypt to create and decrypt .cpt file

How to encrypt and decrypt .cpt file

Encrypt a file

ccencrypt /tmp/demo.txt

1	ccencrypt /tmp/demo.txt

Decrypt a file.

ccdecrypt /tmp/demo.txt.cpt

1	ccdecrypt /tmp/demo.txt.cpt

How to install ccrypt

Install ccrypt on CentOS

sudo yum install ccrypt

1	sudo yum install ccrypt

Install ccrypt on Debian/Ubuntu

sudo apt-get install ccrypt

1	sudo apt-get install ccrypt

Generating an SSH Key Pair on Linux and Mac

November 2, 2016November 20, 2016 Timmy Tin Leave a comment

Short Version

ssh-keygen -t rsa

1	ssh-keygen -t rsa

Increased Security

ssh-keygen -b 4096 -t rsa

1	ssh-keygen -b 4096 -t rsa

My Favorite

ssh-keygen -b 4096 -t rsa -f <EMAIL ADDRESS> -C <EMAIL ADDRESS>

1	ssh-keygen -b 4096 -t rsa -f <EMAIL ADDRESS> -C <EMAIL ADDRESS>

Convert .cer to .crt certificates for Apache/mod_ssl using OpenSSL

August 16, 2016June 24, 2018 Timmy Tin Leave a comment

Assume you have a CER is an DER encoded X.509 certificate in binary form, and you want to have a PEM-encoded X.509 Certificate file for Apache.

The following command may help:

openssl x509 -inform DER -in certfile.cer -out certfile.crt

1	openssl x509 -inform DER -in certfile.cer -out certfile.crt

Apache/mod_ssl request PEM-encoded X.509 Certificate file

Reference: http://www.modssl.org/docs/2.8/ssl_reference.html#ToC10

SSLCertificateFile

Name: SSLCertificateFile
Description: Server PEM-encoded X.509 Certificate file
Syntax: SSLCertificateFile filename
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.0
This directive points to the PEM-encoded Certificate file for the server and optionally also to the corresponding RSA or DSA Private Key file for it (contained in the same file). If the contained Private Key is encrypted the Pass Phrase dialog is forced at startup time. This directive can be used up to two times (referencing different filenames) when both a RSA and a DSA based server certificate is used in parallel.

Example:
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt

SSLCertificateFile

Name: SSLCertificateFile

Description: Server PEM-encoded X.509 Certificate file

Syntax: SSLCertificateFile filename

Default: None

Context: server config, virtual host

Override: Not applicable

Status: Extension

Module: mod_ssl

Compatibility: mod_ssl 2.0

This directive points to the PEM-encoded Certificate file for the server and optionally also to the corresponding RSA or DSA Private Key file for it (contained in the same file). If the contained Private Key is encrypted the Pass Phrase dialog is forced at startup time. This directive can be used up to two times (referencing different filenames) when both a RSA and a DSA based server certificate is used in parallel.

Example:

SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt